Outcome Overview

bpfman is both an eBPF program gatekeeper and manager developed by Red Hat Office of the CTO (OCTO). It is currently in a sandbox queue to become a CNCF incubator project and is going to be the default in Fedora 30 for this purpose. Currently, it is the only viable project with the goal of both ensuring the secure deployment of eBPF applications and providing insights on eBPF program utilization within an OpenShift cluster.

At the time of this writing, OpenShift is using eBPF programs in 3 components of OpenShift: ACS, Ingress Node Firewall and the Network Observability Operator.

bpfman is a project within OCTO and the desired outcome of this work is to:

1. tech transfer the ability to develop and support bpfman from OCTO to the OpenShift SDN team
2. enable it for OpenShift components that use eBPF programs
3. fully support bpfman for customers to secure and manage their own eBPF programs

Success Criteria

bpfman is delivered OpenShift, used to manage and secure OpenShift's own eBPF deployments, and fully supported for customers to use for their own eBPF programs.

Expected Results (what, how, when)

1. Developer Preview at OCP 4.16
2. Technical Preview at OCP 4.17
3. GA at OCP 4.18

Post Completion Review – Actual Results

In progress.